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The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

Responsive to communication(s) filed on 21 July 2004 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-8 and 18-29 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 1-8 and 18-29 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

1 1) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§ 1 1 9 and 1 20 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)DAII b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121. 
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OFFICE ACTION 

1 . This action is responsive to communications: Request for Continued Examination, filed on 
07/21/2004. 

2. Claims 1-8, 18-29 are presented for examination. In amendment B, filed on 07/21/2004: 
Claims 1, 18, 26 are amended. 

Claim Rejections - 35 USC § 112, second paragraph 

Claims 1-8, 18-29 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

a. The claim language in the following claims is murky: 

i. As per claim 1, line 4, "a subset of the plurality of client computer systems" can 
be interpreted as one or more, while line 9 "the subset of client computer systems" implies more 
than one computer. Based on the above sections, it is not clearly understood whether 'the subset' 
is multiple computers or a single computer, for the purpose of examination, single computer will 
be used, this assertion is based on Applicant's claim 6, wherein 'single client computer system' is 
claimed. 



Claim Rejections - 35 USC § 102 
3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the United 
States before the invention thereof by the applicant for patent, or on an international application by another who has 
fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this title before the invention thereof by 
the applicant for patent 



4. 



Claims 1, 3, 6, 8, 18, 20, 23, 25, 26-29 are rejected under 35 U.S.C. 102(e) as being anticipated 
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by Wood et al. (hereinafter Wood), US 6,691,232. 

5. As per claims 1 and 18, Wood teaches a computer network including a server computer 
system (Fig 1, item 1 10) attachable to a plurality of client computer systems (Fig 1, item 170, wherein 
each client computer system has a browser), wherein the server computer system is capable of 
authenticating the plurality of client computer systems using a plurality of authentication methodologies 
(Col. 1 1, lines 30-67) a a method of authenticating a subset of the plurality of client computer systems, the 
method comprising: 

an act of a server computer system receiving a request from a controlling client computer system 
(Col. 1 1, lines 30-67; Col. 12, lines 25-50), the request including an instruction identifying at least one of 
the plurality of a uthentication methodologies (Col. 11, lines 45-67) that is to be used when authenticating 
the subset of client computer systems when the client computer systems request service from the server 
computer system, the at least one of the plurality of authentication methodologies having been selected 
based on authentication abilities and access rights of the subset of client computer systems (Col. 1 1, lines 
30-67) a 

an act of the server computer system storing methodology information (Col. 12, lines 25-50) that 
identifies the at least one of the plurality of authentication methodologies so that an acceptable 
authentication methodology can be identified efficiently and without the subset of client computer 
systems unnecessarily revealing secret information (see for example, Col. 1 1, lines 30-67, wherein digital 
certificate allows authentication without revealing unnecessary secret information); 

an act of the server computer system receiving a subsequent request, from the subset of client 
computer systems for service from the server computer system (Col. 12, lines 25-50); 

an act of the server computer system, upon receiving the subsequent request determining how to 
authenticate the subset of client computer systems based on the stored methodology information (Col. 12, 
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lines 25-50) ; and 

an act of the server computer system authenticating the subset of client computer systems using at 
least one the authentication methodology identified in the instruction (Col. 12, lines 25-50). 

6. As per claims 3 and 20, Wood teaches wherein the instruction includes at least an 
instruction to accept a basic HTTP authentication method for use in authenticating the subset of client 
computer systems (Col. 12, lines 25-30). 

7. As per claims 6 and 23, Wood teaches wherein the subset of client computer systems is a 
single client computer system (Fig 1, item 170). 

8. As per claims 8 and 25, Wood teaches a computer-readable medium having computer- 
executable instructions for performing the acts recited in Claim 1 (Col. 1 1, lines 30-65). 

9. As per claim 26, Wood teaches a computer-readable medium having stored thereon a 
data structure having a plurality of fields, the data structure comprising: 

a plurality of client identifier fields that each identify a client computer system that is connected to a 
server computer system (Col. 1 1, lines 50-55); and 

for each identified c lient computer system, the data structure further comprising at least one 
authentication field that identifies an authentication method (Col. 1 1, lines 55-60) to be used by the server 
computer system for authenticating the client computer system upon receiving a request from the client 
computer system for service, the authentication method having been selected based on authentication 
abilities and access rights of the subset of client computer systems so that the client computer systems 
need not unnecessarily reveal secret information (see for example, Col. 11, lines 30-67, wherein digital 
certificate allows authentication without revealing unnecessary secret information). 
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10. As per claim 27, Wood teaches wherein each client identifier field identifies a single 
client computer system (Col. 1 1, lines 50-55). 

11. As per claim 28, Wood teaches a computer readable medium as recited in claim 26, 

wherein the server computer system has access to the data structure prior to receiving the request from the 
client computer (Col. 12, lines 25-50). 

12. As per claim 29, Wood teaches a computer-readable medium as recited in claim 26, 
wherein the data structure is further configured to be altered upon being stored, so as to allow a client 
computer to use additional authentication methods (Col. 1 1, lines 30-67). 
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Claim Rejections - 35 USC § 103 

13. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the 
subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art 
to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

14. Claims 2, 4, 5, 19, 21, 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Wood et 
al. (hereinafter Wood), US 6,691,232, in view of AAPA (Applicant Admitted Prior Art). 

15. As per claims 2 and 19, Wood does not explicitly teach wherein the instruction includes 

at least an instruction to accept an assertion authentication method for use in authenticating the subset of 
client computer systems. 

16. AAPA discloses of assertion methodology as a way of authenticating between client and server, 
see for example, pg 3, lines 1-3. 

17. It would have been obvious to one of ordinary skill in this art at the time of invention was made 
to combine the teaching of Wood and AAPA because they both deal with authentication methods, and 
Furthermore, the teaching of AAPA to allow assertion would improve the trust in between the two 
systems, as both sides agree to trust each other initially. Furthermore, Wood's system supports plurality 
of authentication methodologies. 

18. As per claims 4 and 21 Wood does not explicitly teach wherein the instruction includes 

at least an instruction to accept a digest authentication method for use in authenticating the subset of 
client computer systems. 
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19. AAPA discloses of digest method, see for example, pg 3, lines 10-22. 

20. It would have been obvious to one of ordinary skill in this art at the time of invention was made 
to combine the teaching of Wood and AAPA, the rational to combine is discusses in claims 2, 19 above. 

21. As per claims 5 and 22, Wood does not explicitly teach wherein the instruction includes 

at least an instruction to accept an NTLM authentication method for use in authenticating the subset of 
client computer systems. 

22. AAPA teaches NTLM authentication method, see for example, pg 3, lines 23-24. 

23 . It would have been obvious to one of ordinary skill in this art at the time of invention was made 
to combine the teaching of Wood and AAPA, the rational to combine is discusses in claims 2, 19 
above. 

24. Claims 7, 24 are rejected under 35 U.S.C 103(a) as being unpatentable over Wood et 
al. (hereinafter Wood), US 6,691,232, in view of 'Official Notice'. 

25. As per claims 7 and 24, Vandenwauver does not teach wherein the request comprises a data 
structure that represents an extensible Markup Language (XML) element. "Official Notice" is taken that 
the concept and advantages of providing for XML is well known and expected in the art. It would have 
been obvious to one of ordinary skill in this art at the time of invention to include XML element for use in 
client requests because doing so would improve the flexibility and versatility of Wood's system by 
utilizing flexible development of user-defined document types of XML. XML element would provide a 
robust, non-proprietary, persistent, and verifiable file format for the storage and transmission of text and 
data both on and off the Web; and it removes the more complex options of SGML, making it easier to 
program for. 
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Conclusion 

26. Applicant's arguments with respect to claims 1-8, 18-29 have been considered but are moot in 
view of the new ground(s) of rejection. 

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
The following patents and publications are cited to further show the state of the art with respect to 
"Methods and systems for selecting methodology for authenticating computer systems on a per computer 
system or per user basis". 



i. 


US 6,170,057 


Inoue et al. 


ii. 


US 5,721,780 


Ensor et al. 


iii. 


US 6,470,447 


Lambert et al. 


iv. 


US 6,278,449 


Sugiarto et al. 


v. 


US 6,185,612 


Jensen et al 


vi. 


US 5,930,804 


Yuetal. 


vii. 


US 5,909,503 


Graves et al. 


viii. 


US 5,875,432 


Sehr. 


ix. 


US 6,446,204 


Panget al. 



x. "SDSS Science Archives Security module API", Gyula P. Szokoly 1996. 

xi. "Sesame Authentication protocol" 

xii. "Modern Encryption Methods in User Authentication", Lass Huovinen, 1997 

xiii. "Integrating Policy-Driven Role Based Access Control Security Architecture", Along 
Lin, 1999 
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Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Chad Zhong whose telephone number is (571)272-3946. The examiner can normally be 
reached on M-F 7:15 to 4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
BURGESS, GLENTON B can be reached on (571)272-3949. The fex phone number for the organization 
where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained 
from either Private PAIR or Public PAIR. Status information for unpublished applications is available 
through Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



CZ 

March 8, 2005 




